Page 92 SonicWALL Internet Security Appliance Administrator’s Guide
SonicWALL Log Messages
Each log entry contains the date and time of the event and a brief message describing the event. It
is also possible to copy the log entries from the management interface and paste into a report.
• TCP, UDP, or ICMP packets dropped
When IP packets are blocked by the SonicWALL, dropped TCP, UDP and ICMP messages are
displayed. The messages include the source and destination IP addresses of the packet. The
TCP or UDP port number or the ICMP code follows the IP address. Log messages usually include
the name of the service in quotation marks.
• Web, FTP, Gopher, or Newsgroup blocked
When a computer attempts to connect to the blocked site or newsgroup, a log event is
displayed. The computer’s IP address, Ethernet address, the name of the blocked Web site, and
the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List
categories are shown below.
Descriptions of the categories are available at <http://www.sonicwall.com/Content-Filter/
categories.html>.
• ActiveX, Java, Cookie or Code Archive blocked
When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP
addresses of the connection attempt is displayed.
• Ping of Death, IP Spoof, and SYN Flood Attacks
The IP address of the machine under attack and the source of the attack is displayed. In most
attacks, the source address shown is fake and does not reflect the real source of the attack.
TIP! Some network conditions can produce network traffic that appears to be an attack, even when
no one is deliberately attacking the LAN. To follow up on a possible attack, contact your ISP to
determine the source of the attack. Regardless of the nature of the attack, your LAN is protected
and no further steps are needed.
a=Violence/Profanity g=Satanic/Cult
b=Partial Nudity h=Drug Culture
c=Full Nudity i=Militant/Extremist
d=Sexual Acts j=Sex Education
e=Gross Depictions k=Gambling/Illegal
f=Intolerance l=Alcohol/Tobacco